Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5651
Views
0
Helpful
4
Replies

Error 691 MS-CHAP connection to an ASA5505 HELP! :(

Go to solution
vickyleach1
Level 1
Level 1

‎10-07-2010 11:20 AM

The firewall is set up for L2TP MSCHAP with RADIUS authentication. It connected fine then suddenly stopped working. Here is my troubleshooting so far:

The configuration on the firewall is perfect (it worked for a while then stopped so no surprises there), I verified IPSEC was running on my PC, I tested the authentication and connection through the VPN client and it works perfectly, the following hotfix is installed on my PC that is trying to connect:

http://support.microsoft.com/kb/980399/en-us

What else could be wrong?

It gets to "verifying user name and password..." then throws me the "Error 691: The remote connection was denied because the user name and password combination you provided is not recognized, or the selected authentication protocol is not permitted on the remote access server.

It cant be the username and password because I logged into the server, created a new user then tested that user with the L2TP Group policy group in the VPN client and it worked.

Help me please

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Namit Agarwal
Cisco Employee
Cisco Employee
In response to vickyleach1

‎10-08-2010 05:06 PM

Hi Vicky,

Yes the protocol should match on the server i.e. the ASA and the user authentication type. That is the reason I had advised to check if the user authentication using Radius and the Server both have MSCHAP.

I guess your query has been answered. Please mark the post as answered if everything is ok.

Thanks,

Namit

View solution in original post

0 Helpful
4 Replies 4

Go to solution
vickyleach1
Level 1
Level 1

‎10-07-2010 11:33 AM

Oh yeah, and I have disabled anti-virus and my firewall

0 Helpful

Go to solution
Namit Agarwal
Cisco Employee
Cisco Employee
In response to vickyleach1

‎10-07-2010 05:12 PM

Hi ,

Could you please provide the config on your ASA ? Also does your radius server have MS-CHAP enabled for the user account you are using ?

thanks,

Namit

0 Helpful

Go to solution
vickyleach1
Level 1
Level 1
In response to Namit Agarwal

‎10-08-2010 06:08 AM

Ok worked out my issue:

You cannot use MS-CHAP v2 with an LDAP server setup. I changed it to PAP and it worked. Sorry thought the config was perfect as I had used it on another network but I remembered, I had not used the LDAP authentication on the other one.

Thanks for your input though

0 Helpful

Go to solution
Namit Agarwal
Cisco Employee
Cisco Employee
In response to vickyleach1

‎10-08-2010 05:06 PM

Hi Vicky,

Yes the protocol should match on the server i.e. the ASA and the user authentication type. That is the reason I had advised to check if the user authentication using Radius and the Server both have MSCHAP.

I guess your query has been answered. Please mark the post as answered if everything is ok.

Thanks,

Namit

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents